Full Security Advisory publshed by RIM for old BlackBerry 6 Webkit vulnerability

If you remember way back 6 months ago, which in the mobile tech world may as well be 20 years, RIM released an advisory concerning a vulnerability with the BlackBerry 6 WebKit browser. Well this week RIM has finally published the full security advisory, and it includes some interesting facts regarding why it took so long.

Initially RIM had stated that any device running OS 6.0.0.526 and up were safe from the vulnerability, but the full report sheds some more information on it. It seems that RIM had provided the carriers with all the information 2 weeks after the initial report, and that it has taken 6 months for enough of the carriers to provide the necessary updates to their customers.

A sufficient number of wireless service providers must make a security software update for BlackBerry smartphones publicly available to customers before RIM will publish full details of the software update in a Security Advisory. RIM delivered the software updates to its wireless service provider partners. Where a wireless service provider may not have then provided the software updates to all customers, this policy is intended to protect those customers from increased risk of exploitation.

Within two weeks of learning of the vulnerabilities that this Security Advisory addresses RIM tested and delivered fixed software to our wireless service provider partners for their Technical Acceptance process. During the Technical Acceptance process, RIM monitored update availability for nine affected devices available through nearly 500 carriers globally until an availability level was achieved that allowed us to be confident that disclosure of the security vulnerabilities addressed by the software update would protect the interests of the majority of our customers.

RIM continues to work with our partners to expedite the process of software update delivery to BlackBerry smartphone customers.

Note: KB26132 was previously published as a Security Notice to responsibly advise customers about the existence of one of the three vulnerabilities, which had been publicly disclosed, and provide workaround options in lieu of a software update to address that issue for all affected customers. This Security Advisory replaces that Security Notice and provides full details of publicly available software updates that address that issue and two related issues, and urges affected customers to upgrade.

I don’t know about you, but I think it is absolutely absurd that it has taken mobile carriers this long to provide the necessary BlackBerry 6 updates to their customers. What do you all think? Please leave us a comment with your thoughts.